Friday, May 7, 2010

x5s - Automated XSS testing assistant Updated to v1.0.1 beta

x5s is a Fiddler addon that helps penetration testers find cross-site scripting vulnerabilities. By auto-injecting special character probes, x5s can detect where an emitted character may be ill-encoded or transformed and therefore vulnerable to XSS attacks. Its methodology is to inject small probes that do not constitute a working XSS payload. In other words, x5s will not inject XSS payloads anywhere; it only aims to identify the character encoding and transformation issues that lead to XSS.
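To make the probe idea concrete, here is an added Python sketch (not x5s's own code or probe format) that classifies how a single probed character came back in a response you are testing. The marker string, function names and sample responses are hypothetical and constructed for illustration.

```python
import html
import re
from urllib.parse import quote

MARKER = "zq7probe"          # hypothetical marker, not x5s's real probe format
HTML_META = set("<>\"'&")    # characters that must not be emitted as-is

def make_probe(ch):
    """Wrap one test character in markers; the probe is not a working payload."""
    return f"{MARKER}{ch}{MARKER}"

def classify(ch, body):
    """Describe how `ch` came back between the markers in a response body."""
    m = re.search(f"{MARKER}(.*?){MARKER}", body, re.S)
    if m is None:
        return "not reflected"
    seen = m.group(1)
    if seen == ch:
        state = "raw"
    elif seen == "":
        state = "stripped"
    elif html.unescape(seen) == ch:
        state = "html-encoded"
    elif seen.lower() == quote(ch, safe="").lower():
        state = "url-encoded"
    else:
        state = "transformed"
    # An HTML metacharacter emitted as-is is the finding, whether it was
    # sent that way or produced by a server-side transformation.
    if state in ("raw", "transformed") and HTML_META & set(seen):
        return state + ", unsafe"
    return state

SAMPLES = [  # constructed responses, one per output-encoding behaviour
    ("<", "<p>You searched for zq7probe&lt;zq7probe</p>"),
    ('"', '<input value="zq7probe"zq7probe">'),
    ("\uff1c", "<td>zq7probe<zq7probe</td>"),   # fullwidth sign came back as "<"
    ("'", "<a href='/q?s=zq7probe%27zq7probe'>"),
]

def scan(samples):
    """Classify every (character, response body) pair."""
    return [(ch, classify(ch, body)) for ch, body in samples]

if __name__ == "__main__":
    for ch, verdict in scan(SAMPLES):
        print(f"U+{ord(ch):04X}: {verdict}")
```

Entries marked "unsafe" point at an output location whose encoding needs fixing; the encoded and stripped results show the location is handling that character.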

This is the v1.0.1 beta release of x5s. All feedback welcome in planning for the next release. Make sure Fiddler is installed prior to running the MSI installer.

Upgrade instructions:
1. Uninstall x5s from the control panel, or by right-clicking the MSI and choosing uninstall.
2. Then you can install the new MSI.

v1.0.1 - 2010-05-06
- Fixed bug where requests for HTTPS were wrongly going to HTTP.
- Fixed a bug where the Content-Length wasn't being updated for POST requests, causing failures from the server.
- Changed the layout of the results tab to make the datagrid view sizeable.